How to get eduroam / wpa2 enterprise to work with ttls
Qopzeep

Joined: 16 Jul 2011
Posts: 9

Posted: Sat 17 Sep 2011, 09:18
Subject: How to get eduroam / wpa2 enterprise to work with ttls
Subtitle: In Lucid Puppy 525
 

Hi all,

After some fidgeting I got this to work and would like to share it with you, for any others who might be struggling with this.

Disclaimer:
All these instructions work for Lucid Puppy 5.2.5. I have not tested them with other versions.
I am not a (Puppy) Linux expert at all. This guide came to be through much trial and error, with the emphasis on error. With this guide, I hope to save new users time by sharing what works for me.
You can ask questions if it doesn't work, but I can't promise you that I can help.

It is likely that this guide contains errors, or superfluous instructions. Feel free to point them out, so I can optimise this guide and learn a thing or two at the same time! More advanced users can help us out by answering the questions located at the bottom of this post. Thanks!


eduroam
eduroam (education roaming) is a secure international roaming service for users in Higher Education. [...] Participating institutions are typically universities and other research and educational organisations. eduroam allows a user belonging to one institution to get network access when visiting another institution. [...] The visiting user is authenticated using the same credentials (username and password) that they would at their home institution.
From https://secure.wikimedia.org/wikipedia/en/wiki/Eduroam

eduroam is basically a WPA2 enterprise network, encrypted with AES. It uses the TTLS protocol. This short guide should work for different protocols as well, however.

How-to:

Step 1: preparation
The Network wizard GUI doesn't offer us the options needed for an AES/TTLS connection. In order to get eduroam to work, we need to make a custom *.config file for wpa_supplicant.

Open up Geany (or your favourite editor) and type:
Code:

#ctrl_interface=/var/run/wpa_supplicant
#ap_scan=1
#update_config=1

network={
   ssid="eduroam"
   scan_ssid=1
   key_mgmt=WPA-EAP
   eap=TTLS
   anonymous_identity="1. Anonymous identity"
   identity="2. Identity"
   password="3. Password"
   phase2="auth=PAP"
   ca_cert="4. Path to certificate"
   priority=2
}

[Question for the advanced users, see below under 'Questions'!]
First, save this file to /etc/network-wizard/wireless/wpa_profiles, as eduroam.conf .

As you can see, there are four things you have to fill out yourself.
1. Anonymous identity. Your institution should be able to tell you this. Mostly it's anonymous@<institution name>.<com/eu/etc.>.
2. Identity. Your login name. This is probably similar to what you use to log in to the online environment of your institution (such as blackboard, email). If you don't know what you should enter here, ask your institution.
3. Password. This is the password associated with your identity.
4. Path to where your certificate is located. We'll deal with that now.

As far as I know, a certificate is not mandatory for eduroam to work, but it does make it safer. First, check with your institution if they have a certificate of their own (they should). If they don't, I have included the one from my institution below the instructions.

- Create a new directory in /etc called certificate.
- Copy and paste the certificate into a new file in your editor, and save it as certificate.der in /etc/certificate

This is the certificate my institution provided. I don't know whether it'll work for you, but you can always try:


In the eduroam.conf file, enter the path to the newly created certificate:
Code:

ca_cert="/etc/certificate/certificate.der"


Save the config file, and exit.


Step 2: execution
Now you should be good to go. Make sure your wifi is turned on, that you're disconnected from any networks and that you're in an eduroam zone.

1. Start up a terminal window (Start button -> Utility -> Urxvt terminal emulator).

2. Enter the following line:
Code:
wpa_supplicant -Dwext -i eth0 -c /etc/network-wizard/wireless/wpa_profiles/eduroam.conf -B

Explanation:
  • wpa_supplicant: the tool that we use to connect to the internet.
  • -Dwext: this is the driver that wpa_supplicant uses for your wifi-adapter. '-D' determines the network driver to use. In this case, we're using the driver wext.
    You might need to change this! If it doesn't work, you can try -Dmadwifi or -Dndiswrapper, which are two other drivers. If those don't work, look up your driver here (thanks tempestuous!): http://www.murga-linux.com/puppy/viewtopic.php?p=159336#159336
  • -i eth0: here we specify the interface of the network adapter to use.
    You might need to change this! The name of your network adapter can change on a per boot basis (it does for me). Check by entering the command iwconfig. This will list your network adapters. [Question for the advanced users, see below under 'Questions'!]
  • -c /etc/network-wizard/wireless/wpa_profiles/eduroam.conf: here we tell wpa_supplicant where to find the correct config file to use. This is the file we created in step 1.
  • -B: this will send the process to the background once it's running. Important: because wpa_supplicant is backgrounded, it won't output any errors it might encounter. Therefore, I recommend that you don't include it until you're sure it's running fine. First couple of times, try it without the -B option.


After you've executed that command, wpa_supplicant will start working. You're not connected to the internet yet, though. See step 3 below.

Wpa_supplicant might give you some errors (for instance, it tells me that the association with driver fails), but it should work. [Question for the advanced users, see below under 'Questions'!]

Look for the command that says that EAP authentication is successful. Wpa_supplicant should output somewhere between 15-30 lines of code. If it continues to try and authenticate/associate, something is wrong. Remember, you can force it to quit using ctrl + C !

If you didn't include the -B option in the line, the ongoing process of wpa_supplicant will occupy this terminal window, making it unusable until the process is stopped. After executing this command, don't close this terminal window. Minimise it and leave it alone.

3. Now that we're associated with eduroam, we need to ask it for an IP-address. Open up a new terminal window and type:
Code:
dhcpcd

This command will automatically acquire an IP-address, after which it will fork to the background. If it reports back that it's successful, you should now be able to SURF THE INTERNETS!

Questions/Remarks

Questions:
- Are the three lines at the beginning of the *.config files (preceded by the hash-sign) necessary?
- [SOLVED] Can I use the option '-B' to run wpa_supplicant in the background?
Yes. This post gave me the answer: http://www.murga-linux.com/puppy/viewtopic.php?p=216669#216669
- Why does wpa_supplicant give me the error that the association with the driver failed?
- Why does the interface name of my wifi-adapter and my ethernet adapter switch around? Sometimes eth0 is ethernet, and eth1 is wifi, while the next boot it can be the other way round!

---------------

I hope this helps you guys out. If there is any trouble, ask your questions here or on the forums. Good luck!
~Qopzeep
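
Added example (not part of the original post and not wpa_supplicant's own tooling): a shell audit for a profile like the one in Step 1. With `phase2="auth=PAP"` the password travels in clear inside the TLS tunnel, so the script reports EAP network blocks that have no `ca_cert` or no server-name constraint (`domain_suffix_match`, `altsubject_match`, `subject_match`), and a config file that other users can read. The sample profile and the `example.edu` identity are constructed; `stat -c` assumes GNU or BusyBox `stat`, and whether your wpa_supplicant version supports `domain_suffix_match` is an assumption to check.

```shell
#!/bin/sh
# Added example: audit a wpa_supplicant config for EAP blocks that do not
# validate the RADIUS server, and for a password file readable by others.
audit_wpa_conf() {
    conf=$1
    perms=$(stat -c '%a' "$conf") || return 2   # GNU/BusyBox stat assumed
    case $perms in
        *00) ;;                                 # owner-only access is fine
        *) echo "file: MODE_$perms" ;;          # plaintext password exposed
    esac
    awk '
        /^[ \t]*#/ { next }                     # ignore comment lines
        /^[ \t]*network=[{]/ { inblk = 1; split("", kv); next }
        inblk && /^[ \t]*[}]/ {                 # end of block: evaluate it
            inblk = 0
            if (kv["key_mgmt"] !~ /EAP/) next   # only 802.1X/EAP networks
            name = kv["ssid"]; gsub(/"/, "", name)
            if (!("ca_cert" in kv)) {
                print name ": NO_CA_CERT"
                if (kv["phase2"] ~ /PAP/) print name ": PAP_TO_UNVERIFIED_SERVER"
            }
            if (!("domain_suffix_match" in kv) && !("altsubject_match" in kv) &&
                !("subject_match" in kv))
                print name ": NO_SERVER_NAME_CHECK"
        }
        inblk {                                 # collect key=value pairs
            line = $0; sub(/^[ \t]+/, "", line)
            eq = index(line, "=")
            if (eq > 1) kv[substr(line, 1, eq - 1)] = substr(line, eq + 1)
        }
    ' "$conf"
}

# Constructed sample: the Step 1 profile with the ca_cert line left out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
network={
   ssid="eduroam"
   key_mgmt=WPA-EAP
   eap=TTLS
   identity="user@example.edu"
   password="constructed-password"
   phase2="auth=PAP"
}
EOF
chmod 644 "$sample"
audit_wpa_conf "$sample"
rm -f "$sample"
```

Run it as `audit_wpa_conf /etc/network-wizard/wireless/wpa_profiles/eduroam.conf`; no output means every EAP block names a CA certificate and a server-name constraint and the file is owner-only.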